Many techniques exist that attempt to protect against unwanted code (e.g., malware, etc.). For example, virtual machines may be used to run and analyze (e.g., debug) unwanted code on a system. In another example, debuggers may be used to analyze unwanted code and attempt to reverse engineer the code. These techniques attempt to collect information about the unwanted code, event when source code for the unwanted code is unavailable.
However, such techniques generally exhibit various limitations in detecting unwanted code. For example, authors of unwanted code may protect and/or pack the unwanted code for preventing detection thereof by a virtual machine. Protectors and packers are widely available, and code that is easily compressed or packed may be difficult or impossible to unpack or replicate, by existing methods. As another example, authors of unwanted code may disable execution of the code to prevent detection thereof by a debugger. Thus, utilizing current techniques may result in unwanted code that is resistant to detection.
There is thus a need for overcoming these and/or other issues associated with the prior art.